
Reduce REGEXP_TIMEOUT_SECONDS to 40 seconds

Merged Dominic Couture requested to merge dcouture-regexp-timeout-40 into master

What does this MR do and why?

A new global Regexp timeout option was introduced in Ruby 3.2 to mitigate Regular Expression Denial of Service (ReDoS) issues.

  1. We set it to 50 seconds in Set Global timeout for Regexp to prevent ReDOS (!145679 - merged)
  2. We set it to 45 seconds in Reduce REGEXP_TIMEOUT_SECONDS to 45 seconds (!174854 - merged)

We are monitoring timeout errors in #499848, there were none since lowering from 50 to 45 a month ago.

This MR lowers the timeout value from 45 to 40 seconds to further reduce the impact of an attempt to exploit ReDoS.

Screenshots or screen recordings

N/A

How to set up and validate locally

N/A

Edited by Dominic Couture
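The mechanism this MR tunes is Ruby 3.2's process-wide Regexp.timeout, which aborts a match that runs past the deadline with Regexp::TimeoutError. The following is an added illustration, not code from this MR or from the GitLab code base: the timeout is scaled down to a fraction of a second, and the pattern and inputs are constructed for the demo (the empty group plus backreference keeps Ruby 3.2's regex memoization from neutralising the quadratic backtracking, as in the Ruby documentation's own example).

```ruby
# Constructed demo value; the MR sets the production value to 40 seconds.
DEMO_TIMEOUT_SECONDS = 0.2

# Constructed pattern whose failure case backtracks quadratically.
# The "()\1" is there only to opt out of the Ruby 3.2 memoization
# optimisation that would otherwise make this pattern linear.
SLOW_PATTERN = /^a*b?a*()\1$/

# Run one match under a temporary global timeout and report what happened.
# Returns :matched, :no_match, :timed_out, or :unsupported (Ruby < 3.2).
def match_with_timeout(pattern, input, seconds: DEMO_TIMEOUT_SECONDS)
  return :unsupported unless Regexp.respond_to?(:timeout=)

  previous = Regexp.timeout            # nil by default (no limit)
  Regexp.timeout = seconds
  begin
    pattern.match?(input) ? :matched : :no_match
  rescue Regexp::TimeoutError
    :timed_out                         # what a ReDoS attempt degrades to
  ensure
    Regexp.timeout = previous          # never leave the global changed
  end
end

# A benign input matches quickly; a hostile near-miss input is cut off
# by the timeout instead of occupying the worker for a long time.
def regexp_timeout_demo
  return :unsupported unless Regexp.respond_to?(:timeout=)

  {
    benign:   match_with_timeout(SLOW_PATTERN, "aaab"),
    hostile:  match_with_timeout(SLOW_PATTERN, ("a" * 100_000) + "x"),
    restored: Regexp.timeout
  }
end

if __FILE__ == $PROGRAM_NAME
  p regexp_timeout_demo
end
```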
